[X2Go-Commits] [x2goclient] 02/02: src/httpbrokerclient.cpp: do not leak password length in debug output either.
git-admin at x2go.org
git-admin at x2go.org
Mon Sep 30 19:42:33 CEST 2019
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2goclient.
commit 132603ebdd04ba934f77b5767c71c48ed8973af2
Author: Mihai Moldovan <ionic at ionic.de>
Date: Mon Sep 30 19:29:29 2019 +0200
src/httpbrokerclient.cpp: do not leak password length in debug output either.
---
debian/changelog | 2 ++
src/httpbrokerclient.cpp | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 2ba277b..132f9d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -116,6 +116,8 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium
#1393.
- res/i18n/x2goclient_*.ts: replace changed source strings, no
retranslations required.
+ - src/httpbrokerclient.cpp: do not leak password length in debug output
+ either.
* debian/control:
+ Add build-depend on pkg-config.
* x2goclient.spec:
diff --git a/src/httpbrokerclient.cpp b/src/httpbrokerclient.cpp
index d264c11..e41e9d6 100644
--- a/src/httpbrokerclient.cpp
+++ b/src/httpbrokerclient.cpp
@@ -893,7 +893,9 @@ QString HttpBrokerClient::scramblePwd(const QString& req)
{
plength=endPos-startPos;
}
- scrambled.replace(startPos,plength,'*');
+ scrambled.remove(startPos, plength);
+ // Hardcode a value of 8 here - the length of the string "password".
+ scrambled.insert(startPos, QString ('*').repeated (8));
}
return scrambled;
}
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
More information about the x2go-commits
mailing list